Safeguard 16.10
Implementation Groups: IG2, IG3

Apply Secure Design Principles in Application Architectures

Asset Type: Applications
Security Function: Protect

Description

Apply secure design principles in application architectures. Secure design principles include the concept of least privilege and enforcing mediation to validate every operation that the user makes, promoting the concept of "never trust user input." Examples include ensuring that explicit error checking is performed and documented for all input, including for size, data type, and acceptable ranges or formats. Secure design also means minimizing the application infrastructure attack surface, such as turning off unprotected ports and services, removing unnecessary programs and files, and renaming or removing default accounts.

Implementation Checklist

1. Assess current protection controls in place
2. Configure and deploy required security controls
3. Test control effectiveness in a non-production environment
4. Deploy to production and verify functionality
5. Document configuration and operational procedures

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Privilege Escalation Through Missing Access Mediation (Confidentiality)

An application fails to validate user authorization on every operation, allowing an attacker to escalate privileges by directly accessing administrative functions because secure design principles like enforced mediation were not applied.

Input Validation Bypass Leading to Remote Code Execution (Integrity)

An application accepts user input without proper validation or sanitization, allowing an attacker to inject malicious payloads because the architecture was not designed with the principle of never trusting user input.

Excessive Attack Surface from Unnecessary Application Features (Confidentiality)

An application exposes unnecessary APIs, debug endpoints, and administrative interfaces in production because the design did not follow the principle of minimizing the attack surface.

Vulnerabilities (When Safeguard Absent)

Application Architecture Lacks Secure Design Principles

Without applying principles like least privilege, input validation, and attack surface minimization during the design phase, the application's fundamental architecture contains structural security weaknesses.

No Enforcement of Mediation on User Operations

Absence of the mediation principle in application design means user operations are not consistently validated for authorization, enabling horizontal and vertical privilege escalation attacks.
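The description's "enforce mediation on every operation" and "never trust user input" principles, and the missing-mediation threat scenario above, illustrated as an added example (not CIS text or any product's code). It assumes a hypothetical role map and input schema; every operation passes through one dispatch point that denies unknown operations by default, checks the caller's role, then validates each parameter's presence, type, size and format before any handler runs.

```python
import re
from collections import namedtuple

User = namedtuple("User", "name roles")  # roles: a set of role names

# Hypothetical permission map: every operation names the role it requires.
# Operations not listed here are denied by default.
REQUIRED_ROLE = {
    "view_own_profile": "user",
    "reset_any_password": "admin",
    "delete_account": "admin",
}

# Size and format limits for account names (1-64 chars, restricted alphabet).
NAME = re.compile(r"[a-z0-9_]{1,64}")
# Hypothetical input schema: the exact parameters each operation accepts,
# with the expected type and the pattern that bounds size and format.
SCHEMA = {
    "view_own_profile": {},
    "reset_any_password": {"target": (str, NAME)},
    "delete_account": {"target": (str, NAME)},
}

HANDLERS = {
    "view_own_profile": lambda u, p: {"user": u.name},
    "reset_any_password": lambda u, p: f"password reset for {p['target']}",
    "delete_account": lambda u, p: f"deleted {p['target']}",
}

def validate(op, params):
    """Explicit error checking for every parameter: presence, type, size, format."""
    spec = SCHEMA[op]
    if set(params) != set(spec):
        raise ValueError("unexpected or missing parameters")
    for key, (typ, pattern) in spec.items():
        if not isinstance(params[key], typ) or not pattern.fullmatch(params[key]):
            raise ValueError(f"invalid value for {key}")

def dispatch(user, op, params):
    """Single choke point: authorization is checked before *every* operation,
    so an administrative function cannot be reached just by naming it."""
    role = REQUIRED_ROLE.get(op)
    if role is None:
        raise PermissionError(f"unknown operation {op}")  # deny by default
    if role not in user.roles:
        raise PermissionError(f"{user.name} lacks role {role} for {op}")
    validate(op, params)  # never trust user input, even from an authorized user
    return HANDLERS[op](user, params)
```

Because the check lives in dispatch rather than in each handler or in the UI that lists menu items, adding a new operation without an entry in REQUIRED_ROLE fails closed instead of silently becoming reachable.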

Evidence Requirements

Type | Evidence Item | Collection Frequency
Technical | Configuration screenshots or exports showing protection controls enabled | Captured quarterly
Document | Procedure documentation for protection measures | Reviewed annually
Document | Governing policy document (current, approved, communicated) | Reviewed annually